[4378] in WWW Security List Archive
Re: ActiveX Bank-Quicken Exploit
daemon@ATHENA.MIT.EDU (John Johnson)
Wed Feb 12 03:49:31 1997
Date: Wed, 12 Feb 1997 17:42:51 +1100
To: "Phillip M Hallam-Baker" <hallam@ai.mit.edu>
From: John Johnson <novatech@nectar.com.au>
Cc: "WWW Security List" <WWW-SECURITY@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
Phillip M Hallam-Baker wrote....
> Chaos Computer Club challenges the notion that hackers (modern vernacular) have
> no redeeming virtues.
They trashed one of the systems at a site I used to work at (before I was
there).
From the description at the site these people have no redeeming values.
> They have in the past worked with financial institutions
> to reveal vulnerabilities with what at least appear to be noble motives.
I've yet to find a financial services company that admits to hiring known
hackers and I'm in a position to be told the real story. They may claim
that this is the case but it doesn't make it so. Even if they have been
hired they might well not have been if their employer knew they had form.
hows about 6 international banks and 5 national??
oh and 7 governments??
not bad for an ex hacker...
and this is exactly why they hire folks like me...
system admins all over think their network is the entire world this is NOT
their fault this is a creation of the network being and yea they do a
great job ..what with dealing with secretaries who think they run the place
and fools trying dos games on sco etc.. but the facts are these same folks
look at the network from an attitude of connectivity and that's their
training and job and sometimes their lives ..I congratulate them in the
work they do..
BUT!
Hackers see things from a different point of view if Chaos damaged
something...sheeesh nail them but if you don't know they did (ie were there
and saw the logs and know who had the addy in use at the time) it's
dangerous to say otherwise (lawyers love hackers as 99% of the time the
proof is just say so (unless the hacker is a dill)) but who was it that
showed Citibank how to get their pants on just recently?? and who was it
that at M.I.T (yes that mit) showed the profs how their new network was
vulnerable?? (besides being 17 and female was doing a great job) yes these
were the scum bags you hate so much.. hackers, crackers, whatever the cool
name for them is.. I was/am/hope to be one for the duration I breathe.. and
am proud that a small Aussie outfit who is staffed by these very same
lowlives helps other folks (for a fee yes) make the best out of what they
have.. you see I'm now the boss of that outfit.. and we do a good job too
(or our clients say we do anyway)
but frankly let's stop the hacker/cracker bashing and let's get on with this
approach to solving this hassle of activeX ..work with us and the rest of
the folks and point the fingers at the lunatics who do damage systems
..just catch them first ok??
Back to the topic now please????
oh and has anyone seen the javascript approach for initialising an ftp
transfer of your harddrive when you visit a site??? looks like a lot of the
new stuff about has hassles..
cheers
John Johnson WWW http://www.novatech.net.au
Tactical Director email novatech@novatech.net.au (business)
NovaTech Internet Security knytmare@nectar.com.au (private)
Australia's Leading Dedicated Internet and Network Security Consultants